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Remarks 

The above Amendments and these Remarks are in reply to the Office Action mailed July 27, 
2004. A Terminal Disclaimer with a Certificate of Ownership for the current application and U.S. 
Patent No. 6,158,010 is filed with the current response. 

L Summary of Examiners Rejections 

PriortotheOfficeActionmailed July 27,2004,Claims 58-76, 112-127, 133-135 and 147-156 
were pending in the Application. In the Office Action mailed July 27, 2004, Claim 1 17 was rejected 
under 35 U.S.C. 1 12, as being indefinite. Claims 75, 1 16 and 147 were rejected under the judicially 
created doctrine of double patenting over Claims 1 , 4, 5, 9, 1 3, 1 4, 47, 50 and 52 of U.S. Patent No. 
6, 1 58,01 0. Claims 58-70, 72-74, 1 1 2-1 1 4, 1 1 8, 1 1 9, 1 21 -1 27 and 1 49-1 56 were rejected under 35 
U .S.C. 1 02(e) as being anticipated by Nessett et al. (U .S. Patent No. 5,968, 1 76, hereafter Nessett). 
Claims 76, 1 1 5 and 1 20 were rejected under U.S.C. 1 03(a) as being unpatentable over Nessett in 
view of Klein et al. (U.S. Patent No. 6,539,414, hereafter Klein). Claims 1 17 and 133-135 were 
rejected under 35 U.S.C. 1 03(a) as being unpatentable over Nessett in view of Brooks et al. (U .S. 
Patent No. 6,009,507, hereafter Brooks). Claims 71 and 1 48 were objected to as being dependent 
upon a rejected base claim, but the Examiner indicated that these claims would be allowable if 
rewritten in independent form including all of the limitations of the base claim and any intervening 
claims. 

IL Summary of Applicants' Amendment 

The present Response amend Claims 58, 59, 64, 65, 69, 71 , 1 1 3, 1 1 5, 1 1 7, 1 1 9-1 22 and 
1 48; cancels Claims 60-63, 66, 67, 70, 72-76, 1 20, 1 21 , 1 23-1 27, 1 33-1 35, 1 47, and 1 49-1 56; and 
adds new Claims 1 57-1 70, leaving for the Examiner's present consideration Claims 58, 59, 64, 65, 
68, 69, 71 , 1 1 3-1 1 7, 1 1 9, 1 22, 1 48, and 1 57-1 70. Reconsideration of the Application, as amended, 
is respectfully requested. Applicant reserves the right to prosecute any originally presented or 
canceled claims in a continuing or future application. 

ML Allowable Subject IVIatter 
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Claims 71 and 148 

Claims 71 and 1 48 were objected to as being dependent upon a rejected base claim. The 
present response rewrites Claims 71 and 148 in independent form including all of the limitations of 
the base claim and any intervening claims. Applicant respectfully submits that Claim 71 and 148 
are now allowable, and reconsideration thereof is respectfully requested. 

IV. Claim Rejections under Double Patenting 

In the Office Action mailed July 27, 2004, Claims 75. 1 1 6 and 1 47 were rejected under the 
judicially created doctrine of double patenting over Claims 1,4,5,9,1 3, 14, 47, 50 and 52 of U .S. 
Patent No. 6,1 58,01 0. An appropriate Terminal Disclaimer, together with a Certificate of Common 
Ownership is being filed herewith. Applicant respectfully submits that this renders moot the 
rejection of Claims 75, 166 and 147 under the doctrine of double patenting, and reconsideration 
thereof is respectfully requested. 

V. Claim Reiections under 35 U.S.C. S 112 

In the Office Action mailed July 27, 2004, Claim 1 1 7 was rejected under 35 U.S.C. 1 1 2 as 
being indefinite for failing to particularly point out and distinctly claim the subject matter Applicant 
believesto be the invention. Accordingly, the present Response amends Claim 117, as described 
in further detail below, to more clearly define the embodiment of the invention therein. Applicant 
respectfully submits that Claim 117 now conforms to the requirements of 35 U.S.C. 112, and 
reconsideration thereof is respectfully requested. 

VL Claim Reiections under 35 U.S.C. S 102(e) 

In the Office Action mailed July 27, 2004, Claims 58-70, 72-74, 1 1 2-1 1 4, 1 1 8, 1 1 9, 1 21 -1 27 
and 1 49-1 56 were rejected under 35 U.S.C. 1 02(e) as being anticipated by Nessett (U.S. Patent No. 
5,968,176). 

Claim 58 
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Claim 58 has been amended by the current Response to more clearly define the 
embodiment of the invention therein. As amended, Claim 58 defines: 

58. (Currently Amended) A system for maintaining security in a distributed 

computing environment, comprising: 

a central policy manager for managing and distributing a security policy; and 
an application guard located at a client, said application guard including a 

customized local policy particular to that client, for managing access by a user of the 

client to software application components at the client, as specified by the security 

policy. 

Claim 58, as currently amended, defines a system for maintaining security in a distributed 
computing environment, comprising a policy manager for managing access by a user of the client 
to software application components at the client, as specified by the security policy. Applicant 
respectfully submits that these features are not disclosed by the cited references. Particularly in the 
embodiment of the invention defined by Claim 58, the application guard is for managing access to 
a software application component. 

Nessett discloses a multilayer firewall system. Nessett apparently discloses a distributed 
firewall system for establishing security in a network of multiple devices, such as remote access 
equipment, routers, switches, repeaters and network cards. A security policy script is provided 
having a syntax that allows translation of the security policy statement into configuration data for the 
protocol and the device type of the node in the network at which the policy is enforced. (Column 7, 
Lines 41-45). The generic term "node" refers to either end systems or network devices. End 
Systems (hosts) are the nodes identified in the policy statements. (Column 8, Lines 1-3). The 
security policy language itself is used to write a set of security policy statements that specify allowed 
activity between end systems. An illustrative rule base and syntax has activities like FTP, Telnet, 
Real Audio and HTTP. (Column 8, Lines 34-55). It appears from the above that the nodes protected 
by distributed firewall system are devices and end systems (hosts), and that policies are used to 
protect the network and protocol access to these devices. 

However in the embodiment of the invention defined by claim 58, an application guard 
located at a client is used to manage access to a software application component at that client. 

-23- 
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Typically, network access to the client occurs first, followed by application access to the software 
applications running on the client. The security access to these software applications and their 
application components is different from the network and protocol access to the device on which 
these software applications are running. 

Furthermore, Nessett discloses that each NIC, such as the NIC at the end system 601 
shown in Figure 7, uses the security policy rules to filter packets at the end system, enforcing the 
policy rules so that the end system would not be able to receive any traffic other than FTP. (Column 
23, Lines 20-26). The two examples described with respect to Figure 6 and Figure 7 describe how 
the NICs enforce the network security policy for the host systems in a network. (Column 21 , Line 
54 - Column 23, Line 57). This suggests that, in Nessett, the NICs on the host systems are 
responsible for enforcing the security policies at the network access of the host systems, and that 
there is no support for enforcing any security policies for the software applications and their 
components running on these host systems. Hence, Applicant respectfully submits that Nessett 
does not teach managing access to software application components, as currently defined by Claim 
58. 

In view of the above comments. Applicant respectfully submits that Claim 58 is neither 
anticipated by, nor obvious in view of the cited references, and reconsideration thereof is respectfully 
requested. 

Claims 59-70, 72-74, 112-114, 118, 119, 133-135, 147 and 149-156 

Claims 60-63, 66, 67, 70, 72-74, 1 1 2, 1 1 8, 1 33-1 35, 1 47 and 1 49-1 56 are canceled by the 
current Response, rendering moot the rejection of these claims. 

Claims 59, 64, 65, 68, 69, 113, 114 and 119 are not addressed separately but it is 
respectfully submitted that these Claims are allowable for reasons similar to those provided above 
with respect to Claim 58. Applicant respectfully submits that Claims 59, 64, 65, 68, 69, 113, 114 
and 119 are similarly neither anticipated by, nor obvious in view of the cited references, and 
reconsideration thereof is respectfully requested. 
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It is also submitted that these claims also add their own limitations which render them 
patentable in their own right. Applicant resen/es the right to argue these limitations should it become 
necessary in the future. 

V!L Claim Rejections under 35 U-S.C, S 103(a) 

In the Office Action mailed July 27, 2004, Claims 76, 1 15 and 120 were rejected under 
U.S.C. 103(a) as being unpatentable over Nessett in view of Klein (U.S. Patent No. 6,539,414). 
Claims 117and 133-1 35 were rejected under 35 U.S.C. 103(a) as being unpatentable over Nessett 
in view of Brooks (U.S. Patent No. 6,009,507). 

Claim 76 

The comments provided above with respect to Claim 58 are incorporated herein by 
reference. Claim 76 depends from and includes all of the limitations and features of Claim 59. 
Claim 59 as currently amended, further defines the system wherein the policy manager comprises 
an Application Programming Interface (API) that at least allows programs to perform the same 
functions as human operator. 

Klein discloses a method for incorporating collateral and concurrent activity in a data 
processing transaction. Apparently, an API 50 (shown in FIG 1 as residing on CPU 1 2) is provided 
to implement one or more predetermined policy rules. API 50 is an application specific process, 
called within the context of the particular transaction started by application 40. (Column4, Lines 54- 
59). This suggests that the API in Klein is used to implement policy rules for an application running 
on a host system, and has nothing to do with the network security of the host system. 

Applicant respectfully submits that Nessett cannot be combined with Klein to anticipate the 
embodiment of Claim 76, since Nessett teaches network security of host systems and devices, 
whereas Klein teaches policy rule implementations of applications running on a host system. 

In view of the above comments. Applicant respectfully submits that Claim 76 is neither 
anticipated by, nor obvious in view of the cited references, and reconsideration thereof is respectfully 
requested. 
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Claims 115 and 120 

Claims 1 1 5 and 1 20 are not addressed separately but it is respectfully submitted that these 
claims are allowable in view of the comments provided above. Applicant respectfully submits that 
Claims 1 1 Sand 1 20 are similarly neither anticipated by, nor obvious in view of the cited references, 
and reconsideration thereof is respectfully requested. 

It is also submitted that these claims also add their own limitations which render them 
patentable in their own right. Applicant reserves the right to argue these limitations should it become 
necessary in the future. 

Claim 117 

The comments provided above with respect to Claim 58 are incorporated herein by 
reference. Through inadvertent typographical error, Claim 117 was originally presented as 
depending from Claim 1 1 3. Claim 1 1 7 has been amended by the present Response to properly 
depend from Claim 116. 

Claim 117 as currently amended, further defines the system wherein the authorization 
engine comprises plug-ins that at least allow for additional capabilities to process and evaluate an 
authorization request based on customized code. 

Brooks discloses a system and method for distributing processing among one or more 
processors. The DSP software plug-in allows client's application to interact with digital signal 
processors. The overall goal of the object oriented programming is to allow DSP software and 
Signal processing devices to easily plug-in to client's application, thus yielding greater functionality 
and customization of the system for end user. (Column 6, Lines 26-36). This appears to suggest 
that Brooks does not teach an authorization engine to process and evaluate authorization requests, 
but instead describes functionality and customization of the system for the end user. 

However, in the embodiment of the invention defined by Claim 1 1 7, the authorization engine 
processes and evaluates authorization requests. Applicant respectfully submits that Nessett cannot 
be combined with Brooks to teach the embodiment of the invention defined by Clam 117, since 
neither Nessett nor Brooks teaches securing software application and their components. 
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In view of the above comments, Applicant respectfully submits that Claim 1 17 is neither 
anticipated by, nor obvious in view of the cited references, and reconsideration thereof is respectfully 
requested. 

Claims 133-135 

Claims 133-135 are not addressed separately but it is respectfully submitted that these 
claims are allowable in view of the comments provided above for Claim 1 1 7. Applicant respectfully 
submits that Claims 1 33-1 35 are similarly neither anticipated by, nor obvious in view of the cited 
references, and reconsideration thereof is respectfully requested. 

It is also submitted that these claims also add their own limitations which render them 
patentable in their own right. Applicant reserves the right to argue these limitations should it become 
necessary in the future. 

VIH. Additional Amendments 

Claims 1 57-1 70 are newly added by the current Response. It is respectfully requested that 
the additional claims be included in the Application and considered therewith. 

IX. Conclusion 

In view of the above amendments and remarks, it is respectfully submitted that all of the 
claims now pending in the subject patent application should be allowable, and reconsideration 
thereof is respectfully requested. The Examiner is respectfully requested to telephone the 
undersigned if he can assist in any way in expediting issuance of a patent. 

Enclosed is a PETITION FOR EXTENSION OF TIME UNDER 37 C.F.R. § 1.136 for 
extending the time to respond up to and including today, November 29, 2004. 
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The Commissioner is authorized to charge any underpayment or credit any overpayment 
to Deposit Account No. 06-1325 for any matter in connection with this response, 
including any fee for extension of time, which may be required. 



Respectfully submitted, 





Karl Kenna 
Reg. No. 45,445 



FLIESLER MEYER LLP 
Four Embarcadero Center, Fourth Floor 
San Francisco, California 94111-4156 
Telephone: (415) 362-3800 
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